>I want to show the E-mail address and the time of all rejected E-mails for a
>specific E-mail address.
>Using the awk print option, I can specify which field to display, but
>depending on what caused the reject, the fields are not the same.
>So if I tweak it to print a certain type of reject fine, it won't display
>the next set correctly.
>
>I was wondering if there was a way to say, print the time, from field, to
>field, reason for reject regardless of what field they are in.

Maybe this could get you on the right path:

For smtpd_*_restrictions,  $10 is always the ptr[ip].

The second ;-delimited clause is  from:, to:, helo:protocol, helo hostname, 
which are  $(line-word-count), $(line-word-count - 2), $(line-word-count - 3).

# egrep -i "mta_client_providers" /var/log/maillog | head -n 1 | wc -w
     36

awking out the 4tuple would be:

awk '/mta_clients_providers/ {print $10, $(36-3), $(36-2), $36}' /var/log/maillog

In awk the variable NF is the number of fields in a line :)), so

awk '/mta_clients_providers/ {print $10, $(NF-3), $(NF-2), $NF}' /var/log/maillog

and to sort by PTR:

awk '/mta_clients_providers/ {print $10, $(NF-3), $(NF-2), $NF}' /var/log/maillog |\
   sort -t'[' -k2 | less

But reject lines for cleanup rejects for header and body don't work, since 
the phrase rejected is included in the log line and is of varying number of 
words.


Len
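
Added example, not part of Len's reply: one way to print time, from, to and reject reason regardless of field position is to find the from=<...> and to=<...> tokens by name instead of by number, which also covers cleanup header/body rejects. It assumes the usual Postfix reject layout (reason text, then "; from=<..> to=<..> proto=.. helo=<..>"); the function names rejects_for and sample_log are hypothetical and the log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). All log lines below are constructed.

# rejects_for ADDRESS [LOGFILE...]
# Prints "time|from|to|reason" for each reject line addressed to ADDRESS.
rejects_for() {
    want=$1; shift
    awk -v want="$want" '
    # Strip the key=< prefix and everything from the closing > onward.
    function addr_of(tok) { sub(/^[a-z]+=</, "", tok); sub(/>.*$/, "", tok); return tok }

    / reject: / {
        from = ""; to = ""
        # Locate from=<...> and to=<...> by name, not by position. Later tokens
        # overwrite earlier ones, so text quoted from a rejected header earlier
        # in the line does not win over the real trailing fields.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^from=</)    from = addr_of($i)
            else if ($i ~ /^to=</) to   = addr_of($i)
        }
        if (tolower(to) != tolower(want)) next

        # Reason: everything between "reject: " and the "; from=<" clause.
        s = index($0, " reject: ") + 9
        e = index($0, "; from=<")
        reason = (e > s) ? substr($0, s, e - s) : substr($0, s)

        printf "%s %s %s|%s|%s|%s\n", $1, $2, $3, from, to, reason
    }' "$@"
}

# Constructed sample: two smtpd rejects, one cleanup header reject, one delivery.
sample_log() {
    cat <<'EOF'
Jan 12 10:15:01 mail postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <user@example.com>: Relay access denied; from=<sender@example.net> to=<user@example.com> proto=ESMTP helo=<host.example.net>
Jan 12 10:15:40 mail postfix/smtpd[1240]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 450 4.7.1 Client host rejected: cannot find your hostname, [203.0.113.5]; from=<a@example.net> to=<other@example.com> proto=ESMTP helo=<x.example.net>
Jan 12 10:16:02 mail postfix/cleanup[2345]: 4F1A2B3C4D: reject: header Subject: cheap pills from unknown[198.51.100.7]; from=<spam@example.org> to=<User@Example.com> proto=ESMTP helo=<bad.example.org>: 5.7.1 Rejected by header check
Jan 12 10:17:30 mail postfix/local[2400]: 5A6B7C8D9E: to=<user@example.com>, relay=local, delay=0.1, status=sent (delivered to mailbox)
EOF
}

# Stand-alone run on the sample; for real use: rejects_for ADDRESS /var/log/maillog
sample_log | rejects_for user@example.com
```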


